Originally posted by little_penguin
But wouldnt that be insecure running these programs as root?
it seems bizarre to me the idea that someone while your machine is online somehow it's going to infect it with a proccess
through some type of exploit in a server of something
that does nothing but set around and wait till you fire up muse (while you are off line) then try to run an exploit aimed at a muse buffer or something -- that would be like a worm that plays a melicious midi song or something ??
"evil music with hidden executable messages"
a music oriented trojan horse
just seems a little far fetched to me.
What really seems like a security threat is to patch you kernel so you DONT have to run them as root -- that give all processes like xinetd and your web browser and you mail server and such access to memory locking and rtc clock intrupts ! just so you don't have to run jack and muse as root.
these programs are beta and experimental so sometimes rarely they do screw stuff up and you have to reboot and this would be the case if you run them as root or not. User level processes can screw the stack just like root processes. The real question like i said earlier is melicious code imbedded in the overruns and there just is none.
the other day i lost acces to my serial ports for instance i assume a buffer overun. reboot argh.
Nothing is ever harmed permanently here at my house and i use these things with sudo alot.
the real danger of root is from the user typing stuff like "rm -R /"
i mean it isn't like these programs function on the net with open server ports or anything.
so for instance just think alittle and don't save a music file and call it /usr/sbin/modprobe or something.